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DETAILED ACTION 
Response to Amendment 

1. Applicant's amendments with respect to claims 1 - 9, 11 - 13, 15 - 16 and new claims 
17-21 have been accepted. Amendments to the abstract and specification have also been 
entered. Therefore claims 1 - 9, 1 1 - 13, and 15 - 21 are pending. 

Drawings 

2. The drawings were received on 12/18/2006. These drawings are acceptable. 

Response to Arguments 

3. Applicant's arguments filed 12/18/2006 have been fully considered but they are not 
persuasive. It is Applicant's assertion that the use of first key information and second key 
information in claim 1 is not disclosed or suggested by the use of the user session key and the 
second site's key in Lai On. The Examiner respectfully disagrees. Lai On discloses that the user 
key is a generation of a unique user identifier such as a password, etc. (see [0020]- [0021]). The 
session key as disclosed by Lai On gives an authenticated user access for a period of time (see 
[0021]). This key pair discloses a similar functionality of applicant's claimed invention as a high 
degree of security is achieved in the scheme, (see [0023]) 

Applicant also contends that Lai On fails to propose a scheme of providing a specified 
period of time of access when the second key information is used. The Examiner respectfully 
disagrees. The Examiner believes that the presence of a session key denotes a specified time 
period otherwise there would not be a need for a "session" key, the access would be at a user's 
discretion. Lai On discloses that sessions vary in status (current, previous, etc), which the 
Examiner has equated to mean that there are specified periods of time for which users are 
allowed access (see [0021]). 

For at least these reasons the Examiner maintains the rejection. 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another 
who has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the 
invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 
1999 (AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 
2002 do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AlPA 
35 U.S.C. 102(e)). 

4. Claims 1 - 9, 1 1 - 13, 15 - 21 are rejected under 35 U.S.C. 102(e) as being anticipated 
by Lai On in US PGPub No. 2002/0059531 (hereinafter US PGPub '531). 

As for claim 1 and similar claims 4 and 8, US PGPub '531 discloses: 
An authentication system comprising a server system communicably connected to a 
communication terminal via a communication network, wherein a user handles the 
communication terminal to access data stored in the server system via the communication 
network, the server system comprising: 

a first authentication unit configured to receive user-identifying information from the 
communication terminal via the communication network, authenticate the user-identifying 
information, and generate first key information based on the authenticated user-identifying 
information, the first key information being transmitted to the user; 
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a second authentication unit configured to receive the first key information from the 
communication terminal via the communication network, to authenticate the first key 
information, and generate second key information based on the first key information, the second 
key information entitling the user to repeatedly access the data in the server system for a 
specified period of time as long as the communication terminal is activated and the second key 
information being transmitted to the communication terminal via the communication network; 
and 

an access permitting unit configured to receive the second key information from the 
communication terminal via the communication network and permit the user to access the data 
in the server system for the specified period of time every time the user accesses the server 
system, (see Abstract; Figure 2 and 3; [0008]-[0010]) 

For claim 2 and similar claim 12, US PGPub '531 discloses: 
The authentication system according to claim 1, further comprising a second server system 
which is connected to the communication network and different from the server system 
generating the second key information, wherein the second server system comprises a third 
authentication unit configured to authenticate validity of the second key information, (see Figure 
2, item 204; [0019]: describing the database; [0024]) 

For claim 3, and similar claim 13, US PGPub '531 teaches: 
The authentication system according to claim 2, wherein the second server system is configured 
to set a period of time to permit the user to access the data on the basis of both of a time instant 
at which the second key information is generated and a time remaining in the specified period of 
time set for the access to be carried out using the second key information, (see [0004], lines 10- 
11: as performed during the login sessions and session keys) 
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For claim 5 and similar claim 9, US PGPub '531 teaches: 
The server system according to claim 4, wherein the first key information is an access key for 
accessing the server system to acquire the second key information and the second key is a 
session key for accessing the data in the server system and requesting transmission of the 
data, (see [0008], lines 2-6) 

For claim 6, US PGPub '531 discloses: 
The server system according to claim 4, wherein, in cases where the user-identifying 
information is transmitted using a second communication terminal other than the communication 
terminal handled by the user, the first authentication unit transmits, to the second 
communication terminal, a second access key generated based on the user-identifying 
information provided from the second communication terminal, as the second access key being 
regarded as being the same as the previously-generated access key. (see [0008], lines 6-15) 

For claim 7 and similar claim 11, US PGPub '531 discloses: 
The server system according to claim 4, wherein the communication terminal is configured to 
provide terminal-identifying information to the server system together with the user-identifying 
information, wherein the terminal-identifying information is used for the authentication by the first 
authentication unit, (see [0009], lines 4 - 9) 

For claim 15, US PGPub '531 discloses: 
A computer program product comprising a computer readable medium having computer- 
readable program code embodied thereon, the program code, when executed, being adapted to 
carry out the method of claim 8. (see [0027]) 

For claim 16, US PGPub '531 discloses: 
An authentication method for authenticating a user terminal requesting access to data stored in 
a server system, the method comprising: 
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receiving secured user information from a user of the user terminal; 
authenticating the received user information; 

generating an access key based on the authenticated user information; 
transmitting the access key to the user; 

receiving the access key from the user terminal via a communication network at a time 

of 

a first request for accessing the data stored in the server system; 

authenticating the access key received from the user terminal; 

generating a session key based on the access key received from the user terminal; 

transmitting the session key to the user terminal via the communication network; 

receiving the session key from the user terminal via the communication network; 

permitting the user terminal to access the data in the server system if the session key is 
received within some period of time subsequent to the transmitting of the session key to the 
user terminal via the communication network; and 

transmitting additional session keys to the user terminal via the communication network 
in response to receiving the same access key from the user terminal via the communication 
network at times of additional requests for accessing the data stored in the server system 
subsequent to the time of the first request, (see Abstract; Figures 2 and 3; [0008] - [0010]) 

For claim 17, US PGPub '531 discloses: 
The method according to claim 16, wherein the secured user information is not received again 
at the subsequent times of the additional requests for accessing the data, (see [0022], lines 8 - 
10) 

For claim 18, US PGPub '531 discloses: 
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The method according to claim 16, wherein the secured user information is secured using a 
secure sockets layer protocol, (see [0008], lines 1 - 2) 

For claim 19, US PGPub '531 discloses: 
The method according to claim 16, further comprising: 

receiving the same access key from at least one other, different user terminal; 

generating a session key based on the access key; 

transmitting the session key to the other user terminal via the communication network; 
receiving the session key from the other user terminal via the communication network; 

and 

permitting the other user terminal to access the data in the server system if the session 
key is received within some period of time subsequent to the transmitting of the session key to 
the other user terminal via the communication network, (see [0022], lines 8-18: common 
session...) 

For claim 20, US PGPub '531 discloses: 
The method according to claim 16, further comprising: 

generating at least one other access key based on the authenticated user information; 

transmitting the other access key to at least one other different user terminal; 

receiving the access key from the other user terminal via the communication network at 
a time of a first request for accessing the data stored in the server system; 

authenticating the access key received from the other user terminal; 

generating a session key based on the access key received from the other user terminal; 

transmitting the session key to the other user terminal via the communication network; 

receiving the session key from the other user terminal via the communication network; 

and 
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permitting the other user terminal to access the data in the server system if the session 
key is received within some period of time subsequent to the transmitting of the session key to 
the other user terminal via the communication network, (see [0008] - [0010] and [0024]) 

For claim 21, US PGPub '531 discloses: 
The method according to claim 16, further comprising: 

receiving a hardware identifier transmitted from the user terminal over a communication 
network, 

wherein the authenticating is based on both the secured user information and the 
hardware identifier, (see [0020]: identification information...) 

Conclusion 

5. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing date 
of this final action. 

6. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Laurel Lashley whose telephone number is 571-272-0693. The examiner 
can normally be reached on Monday - Thursday, alt Fridays btw 7:30 am & 5 pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron, Jr. can be reached on 571-272-3799. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Laurel Lashley 
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